Review of Types of Security Threats and Software Tools Designed to Protect Computer - Article Example

Assignment FV1203 (IT & CAD) TASK 1: Review of types of security threats and software tools designed to protect computer Introduction This is the final report of a study, the purpose of which was to improve the computer security capability of the customer's systems. Threats Scope In order to design the security of a system, it is necessary to understand the types of threats and attacks that can be mounted against a computer system, and how these threats may manifest' themselves. It is also important to understand the threats and their sources from the viewpoint of identifying other data sources by which the threat may be recognized. To assist the reader, the following definitions are used in this paper: Threat: The potential possibility of a deliberate unauthorized attempt to: a) access information b) manipulate information c) render a system unreliable or unusable Risk: Accidental and unpredictable exposure of information, or violation of operations integrity due to malfunction of hardware or incomplete or incorrect software design. Vulnerability: A known or suspected flow in the hardware or software design or operation of a system that exposes the system to penetration of its information to accidental disclosure. Attack: A specific formulation or execution of a plan to carry out a threat. Penetration: A successful attack; the ability to obtain unauthorized (undetected) access to files and programs or the control state of a computer system. In considering the threat problem, the principal breakdown of threats is on the basis of whether or not an attacker is normally authorized to use the computer system, and whether or not a user of the computer system is authorized to use a particular resource in the system. Penetration In many installations, the internal penetration is frequent than external penetrations. This is true for a variety of reasons, not the least of which is the internal penetrator has overcome a major barrier to unauthorized access; that is, the ability to gain use of a machine. Computer systems play such a critical role in business, government, and daily life that organizations must take special steps to protect their Computer systems and to ensure that they are accurate and reliable. Lets discuss what are the various threats to Computer Systems. Why Systems are Vulnerable When large amounts of data are stored in electronic form they are vulnerable to many more kinds of threats than when they exist in manual form. They can stem from technical, organizational, and environmental factors compounded by poor management decisions. Advances in telecommunications and computer software have magnified these vulnerabilities. Through telecommunications networks, Computer systems in different locations can be interconnected. The potential for unauthorized access, abuse, or fraud is not limited to a single location but can occur at any access point in the network. Additionally, more complex and diverse hardware, software, organizational, and personnel arrangements are required for telecommunications networks, creating new areas and opportunities for penetration and manipulation. Wireless networks using radio-based technology are even more vulnerable to penetration, because radio frequency bands are easy to scan. Wireless devices can form ad hoc networks that can be exploited by malicious entities to disrupt service, collect confidential information, and disseminate false information. Because wireless devices roam in and out of wireless zones, such attacks can be difficult to trace. The Internet poses special problems, because it was explicitly designed to be accessed easily by people on different computer systems. · Hardware failure Fire · Software failure Electrical problems · Personnel actions User errors · Terminal access penetration Programs changes · Theft of data, services, Telecommunications or equipments problems Among the various threats to Information System the most common threat is computer virus. Computer Viruses Alarm has risen over hackers propagating computer viruses, rogue software programs that spread rampantly from system to system, clogging computer memory or destroying programs or data. Many thousands of viruses are known to exist, with 200 or more new viruses created each month. Many viruses today are spread through the Internet from files of downloaded software or from files attached to e-mail transmissions. Viruses can also invade computerized information systems from other computer networks as well as from “infected” diskettes from an outside source or infected machines. The potential for massive damage and loss from future computer viruses remains. The Chernobyl, Melissa, and ILOVEYOU viruses caused extensive PC damage worldwide after spreading around the world through infected e-mail. Now viruses are spreading to wireless computing devices. Mobile device viruses could pose a serious threat to enterprise computing because so many wireless devices are now linked to corporate information systems. Organizations can use antivirus software and screening Procedure to reduce the chances of infection. Antivirus software is special software designed to check computer systems and disks for the presence of various computer viruses. Often the software can eliminate the virus from the infected area. However, most antivirus software is only effective against viruses already known when the software is written- to protect their systems, management must continually update their antivirus software. Example of some Viruses and there Description Oncept, Melissa Macro viruses that exist inside executable programs called macros, which provide functions within programs such as Microsoft Word. Can be spread when Word documents are attached to e-mail. Can copy from one document to another and delete files. Form Makes a clicking sound with each keystroke but only on the eighteenth day of the months. May corrupt data on the floppy disks it infects. Explore.exe “Worm” type virus that arrives attached to email. When launched tries to e-mail itself to other PCs and to destroy certain Microsoft Office and programmer files. Monkey Makes the hard disk seem as if it has failed, because Windows will not run. Chernobyl Erases a computer’s had drive and ROM BIOS (Basic Input/Output System). Junkie A “multi parties” virus that can infect files as well as the boot sector of the hard drive (the section of a PC hard drive that the PC first reads when it boots up). May cause memory conflicts. Another threat to Computer Systems is natural disaster, which comes without informing. Disaster Computer hardware, programs, data files, and other equipment can be destroyed by files, power failures, or other disasters. It may take many years and millions of dollars to reconstruct destroyed data files and computer programs, and some may not be replaceable. If an organization needs them to function on a day-to-day basis, it will no longer be able to operate. This why companies such as VISA USA Inc. and National Trust employ elaborate emergency backup facilities. VISA USA Inc. has duplicate mainframes, duplicate network pathways, duplicate terminals, and duplicate power supplies. VISA even uses a duplicate data center in McLean, Virginia, to handle half of its transactions and to serve as an emergency backup to its primary data center in San Mateo, California. National Trust, a large bank in Ontario, Canada, uses uninterruptible power supply technology provided by International Power Machines (IPM), because electrical power at its Mississauga location fluctuates frequently. Rather than build their own backup facilities. Many firms contract with disaster recovery firms, such as Comdisco Disaster Recovery Services in Rosemont, Illinois, and Sungard Recovery Services headquartered in Wayne, Pennsylvania. These disaster recovery firms provide hot sites critical applications in an emergency. Disaster recovery services offer backup for client/ serve systems as well as traditional mainframe applications. As firms become increasingly digital and depend on systems that must be constantly available, disaster recovery planning has taken on new importance. A disaster recovery plan includes establishing a chain of command for running the business in the event of a computer outage as well as identification of critical computer processing tasks and backup database, storage, and processing capabilities. In addition to disasters, viruses, and security breaches, defective software and data pose a constant threat to information systems, causing untold losses in productivity. An undiscovered error in a company’s credit software or erroneous financial data can result in millions of dollars of looses. A hidden software problem in AT&T’s long distance system brought down that system, bringing the new York-based financial exchanges to a halt and interfering with billions of dollars of business around the country for a number of hours. Modern passenger and commercial vehicles are increasingly dependent on computer programs for critical functions. A hidden software defect in a braking system could result in the loss of lives. Bugs and Defects A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code. Even a relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousand of different paths. Important programs within most corporations are usually much larger, containing tens of thousands or even millions of lines of code, each with many times the choices and paths of the smaller programs. Such complexity is difficult to document and design-designers document some reactions wrongly or fail to consider other possibilities. Studies show that about 60 percent of errors discovered during testing are a result of specifications in the design documentation that were missing, ambiguous, in error, or in conflict. Zero defects, a goal of the total quality management movement, cannot be achieved in larger programs. Complete testing simply is not possible. Fully testing programs that contain thousands of choices and millions of paths would require thousands of years. Eliminating software bugs is an exercise in diminishing returns, because it would take proportionately longer testing to detect and eliminate obscure residual bugs. Even with rigorous testing, one could not know for sure that a piece of software was dependable until the product proved itself after much operational use the message? We cannot eliminate all bugs, and we cannot know with certainty the seriousness of the bugs that do remain. Another reason that systems are unreliable is that computer software traditionally has been a nightmare to maintain. Maintenance, the process of modifying a system in production use, is the most expensive phase of the systems development process. In most organizations nearly half of information systems staff time is spent in the maintenance of existing systems. Why are maintenance costs so high? One major reason is organizational change. The firm may experience large internal changes in structure or leadership, or change may come from its surrounding environment. These organizational changes affect information requirements. Anther reason appears to be software complexity, as measured by the number and size of interrelated software programs and subprograms and the complexity of the flow of program logic between them. A third common cause of long-term maintenance problems is faulty systems analysis and design, especially information requirement analysis. If errors are detected early, during analysis and design, the cost to the systems development effort is small. But if they are not discovered until after programming, testing, or conversion have been completed, the costs can soar astronomically. A minor logic error, for example, that could take one hour to correct during the analysis and design stage could take 10, 40, and 90 times as long to correct during programming, conversion, and post implementation, respectively. Cyber crime is becoming one of the Net’s growth businesses. Today, criminals are doing everything from stealing intellectual property and committing fraud to unleashing viruses and committing acts of cyber terrorism. Software installed on my computer for protection McAfee Total Protection McAfee Total Protection provides comprehensive, proactive 12-in-1 security that guards what you value and with McAfee SiteAdvisor Plus, actively shields your PC from interaction with dangerous Web sites. Continuously and automatically updating, McAfee service helps prevent online hacker attacks with the latest protection. Also, it features a back-up and restore capability for computer crashes and environmental mishaps. McAfee Total Protection includes multi-user Parental Controls, protection from identity theft, spam, and scams. With McAfee's security service you always have the latest enhancements and threat updates that block viruses and spyware. Also, it includes a firewall to deter hacking. McAfee Internet security McAfee Internet Security Suite with SiteAdvisor is a proactive 10-in-1 always-updating security bundle that protects what you value, your identity and your computer from viruses, spyware, e-mail and IM scams, hackers and online predators, and provides automated backup for important files. Surf the Web, shop, bank, e-mail, instant message, and download files with confidence. McAfee SiteAdvisor and Parental Controls help you and your family members avoid unsafe Web sites. McAfee's security service continuously and automatically delivers the most up-to-date features, enhancements, and threat data. Also, automated PC tune-ups remove unnecessary files for peak PC performance. McAfee VirusScan Plus McAfee VirusScan Plus offers proactive PC security to prevent malicious attacks, so you can protect what you value as well as surf, search, and download files online with confidence. McAfee SiteAdvisor's Web safety ratings, help you avoid unsafe Web sites. This service also provides security against multi-pronged attacks by combining anti-virus, anti-spyware and firewall technologies. McAfee's security service continuously delivers the latest software so your protection is never out-of-date. McAfee VirusScan VirusScan with SiteAdvisor offers advanced detection and protection services to optimize your computer's defense against the latest security threats, including viruses, Trojans, tracking cookies, spyware, adware, and other potentially unwanted programs. With VirusScan, protection extends beyond the files and folders on your desktop or laptop, targeting threats from different points of entry-including e-mail, instant messages, and the Web. With McAfee SiteAdvisor, Web safety ratings help you avoid unsafe Web sites. TASK2: Typeset the following mathematical formulas, taken from the SFPE Handbook Please include the formulas for this task as you were not able to provide me with the SFPE Handbook 3rd Edition. Task 3: Using MS Excel, plot graphs of the functions It was required to make a graph of the following functions: F1(x) = 5*SIN(2*x)/2*(x+1) F2(x) = COS(2*x)*EXP(x/4) F3(x) = TAN(x/2)*SIN(x) The following steps were taken to make the graph for the functions: Type your own formula 1. Click the cell in which to type a formula an equation that calculates a new value from existing values. 1. Type an equal sign (=) followed by the formula. 1. Press ENTER. Create a graph 1. In a spreadsheet, selected the plus sign to the cell or field , double click with the mouse, moved the insertion point to the beginning of the text, click and hold down the mouse button while you move the insertion point over the text , and then release the mouse button the data entriesvalues such as text or numbers in cells to use to create the chart. 1. On the Tools menu, clicked Create New Chart. 1. Clicked the Basic Options tab. 1. Clicked the chart type . 1. In the Chart title box, typed the title to appear on the chart. The following table shows the function values for 0 Read More